Sold by: Trellix
Deployed on AWS
Trellix Helix unifies threat events across the security stack and applies AI-driven analytics, alert triage, and automation to accelerate detection, investigation, and response. By correlating data from Trellix and 500+ third-party tools, Helix reveals the full attack story while reducing manual pivots and analyst workload. Key capabilities include AI-driven detection and triage, no-code hyperautomation for investigation and response, and an open integration ecosystem that supports cloud, hybrid, and air-gapped deployments.
3.9
Overview
Trellix Helix helps accelerate your SOC maturity with 100% alert triage, prioritization of threats and GenAI powered insights. Analysts of any level are empowered to prioritize investigations, get straight forward summaries and guidance to remediate or hunt for threats. Helix Connect integrates security controls from the Trellix Security Platform and over 500 third-parties (including 13 AWS integrations) to create deep multi-vector threat detections. Data is ingested from multiple sources, then correlated by pre-built analytics and rules so that you can rapidly see the complete story of an attack. UI-driven, point and click automation helps you to offload repetitive tasks and boost your SecOps team efficiency. Most customers will prefer an AWS Private Offer be extended, which may include customizations to the offering or additional pricing considerations. Not all purchasing options are shown due to the common requirement to customize each deployment of Trellix Helix Connect.
Highlights
- Improve SOC efficiency - Adding AI can do the work of several SOC analysts who are overwhelmed with logs and alerts.
- Reduce Risk - AI can help organizations focus on the most important threats.
- Revolutionize your SOC with AI-powered speed, adaptive threat insights, and AI-guided investigations.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Helix-Connect-100 | Use Request Private Offer (To Be Removed - Do Not Use) | $6,300.00 |
Helix-Connect-1000 | Use Request Private Offer (To Be Removed - Do Not Use) | $56,700.00 |
Trellix-OpenXDR-50GB | Use Request Private Offer (To Be Removed - Do Not Use) | $21,971.25 |
EDR Wise Add-on 1:1TE | Use Request Private Offer (To Be Removed - Do Not Use) | $9,999.00 |
EDR Wise Add-on 1:1TE | Use Request Private Offer (To Be Removed - Do Not Use) | $9,999.00 |
EDR Wise Add-on 1:1TE | Use Request Private Offer (To Be Removed - Do Not Use) | $9,999.00 |
Vendor refund policy
Refunds are handled on a per case basis.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Please reach out to us at support@trellix.com with any questions or concerns, and our support team will be more than happy to help.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Trellix
By Sophos
By Trend Micro
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Source Threat Data Integration
Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
AI-Driven Alert Triage and Prioritization
Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
No-Code Automation for Investigation and Response
Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
Pre-Built Analytics and Correlation Rules
Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
Multi-Deployment Architecture Support
Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
Endpoint Detection and Response
Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
Extended Detection and Response
Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
Managed Detection and Response
24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
Threat Prevention Technology
Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
Security Posture Management
Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment
Extended Detection and Response
Managed XDR capabilities for detecting and responding to threats across multiple security domains
AI-Driven Threat Analytics
Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
Unified Security Platform
Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
Threat Intelligence Integration
Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
Multi-Domain Protection
Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments
Standard contract
No
No
No
Customer reviews
Vivek_Jaiswal
Advanced detection has transformed threat response and now improves forensic investigations
Reviewed on Apr 21, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Trellix Endpoint Detection and Response (EDR) is the automatic detection of threats and automatic threat detections and response, as there are many use cases that we are currently working with for this Trellix Endpoint Detection and Response (EDR) solution.
For a quick specific example of how I use Trellix Endpoint Detection and Response (EDR) for threat detection and response in my day-to-day work, Trellix Endpoint Detection and Response (EDR) solution is integrated with our organization's endpoint, monitoring all endpoint activity and detecting advanced threats such as ransomware, fileless malware, exploits, and living-off-the-land attacks. It uses behavior-based analysis as well as machine learning advanced threat intelligence to identify suspicious activity across the traditional antivirus solutions, making it a really great solution for threat protections and detections.
What is most valuable?
The best features Trellix Endpoint Detection and Response (EDR) offers primarily include advanced threat detection, which utilizes AI-driven analytics and capabilities to identify and respond to threats. It continuously collects data from different sources to perform a comprehensive analysis to identify endpoints. Another key feature is its forensic capability, which captures critical data, files, memory, and processes running on the host, allowing it to quickly take action in terms of containment, investigations, and automated responses, including integration with MITRE ATT&CK framework.
Out of the features I mentioned, I find myself relying on advanced threat detection the most because it quickly identifies emerging threats across the business and takes action in terms of detection as well as the response, also identifying the containment of devices, isolating devices, and taking IOCs blocking to the global organization level, which is enhanced by great forensic capabilities as well.
Trellix Endpoint Detection and Response (EDR) has positively impacted our organization by improving overall efficiency, overall detection and response capabilities, and the capability to improve threat detections as well as the overall efficiency, time utilized, resource management, and analytic use cases review, significantly enhancing the business functionality.
What needs improvement?
Regarding improvements needed for Trellix Endpoint Detection and Response (EDR), there are many ways the EDR solution can improve, but I do not see any specific area where improvement is necessary.
I think Trellix Endpoint Detection and Response (EDR) is a really good solution with no major improvements needed, though if Trellix support can be improved, that would make it even better, especially given its good integration with the cloud for updates and feature deployment.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for more than four years.
What do I think about the stability of the solution?
Trellix Endpoint Detection and Response (EDR) is very stable.
What do I think about the scalability of the solution?
Trellix Endpoint Detection and Response (EDR) is really scalable, allowing easy deployment with its agent across all devices and servers within the organization.
How are customer service and support?
The customer support for Trellix Endpoint Detection and Response (EDR) is excellent.
Which solution did I use previously and why did I switch?
We previously used Cisco AMP EDR solution, but we prefer Trellix Endpoint Detection and Response (EDR) as it is more effective in detecting emerging threats.
How was the initial setup?
We purchased Trellix Endpoint Detection and Response (EDR) through the AWS Marketplace .
What was our ROI?
I have seen a return on investment with Trellix Endpoint Detection and Response (EDR); a lot of time is saved as it minimizes the efforts of manual work, requiring very few analysts to process all those alerts, thus improving operational efficiency and overall.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing, our leadership or management generally discusses these aspects, and the vendor is very supportive in terms of deployment and setup costs. For the license requirement, we worked with the vendor to secure the minimum price for Trellix endpoint solutions, with no additional costs charged by the vendor.
Which other solutions did I evaluate?
Before choosing Trellix Endpoint Detection and Response (EDR), we evaluated other options including Cisco Antimalware protections and Symantec Endpoint Protection, but Trellix Endpoint Detection and Response (EDR) turned out to be a much better solution.
What other advice do I have?
This EDR solution stands out through its automated threat response, forensic investigation capabilities, and integration with the MITRE ATT&CK framework. Compared to other solutions, such as Cisco Antimalware protections and Symantec Endpoint protections, Trellix Endpoint Detection and Response (EDR) is not just behavior-based analysis but also supports signature-based analysis.
My advice for others looking into using Trellix Endpoint Detection and Response (EDR) is that they should work with the vendor on deployment and integrations with the EDR agent, ensuring complete discussions with the vendor for better results.
I think Trellix Endpoint Detection and Response (EDR) is a really good solution, with no performance glitches, performance behavior gaps, or discontinuities. I would rate this solution a 10 on a scale of one to ten because it not only serves as an EDR solution but also excels in detecting and responding to behaviors based on data, quickly identifying processes running on the host and correlating the data, taking action very quickly, making it a very good solution without any gaps that I see.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Duncan Kims
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Reviewed on Apr 14, 2026
Review from a verified AWS customer
What is our primary use case?
Trellix Endpoint Detection and Response (EDR) is my organization's main solution for threat detection and mitigation of zero-day and advanced persistent threats in the network, and it is being used throughout the company.
It is highly effective and scalable in terms of detection and prevention, and our usage within Trellix Endpoint Detection and Response (EDR) enhances the value. The SOC team is constantly monitoring Trellix Endpoint Detection and Response (EDR) alerts, in addition to SIEM-generated incidents.
Inline mitigation capabilities work particularly well, and different deployment models cater to specific needs, along with frequent updates, low false positive rates, and advanced detection of targeted attacks.
Trellix Endpoint Detection and Response (EDR) is deployed in my organization using a hybrid cloud.
I purchased Trellix Endpoint Detection and Response (EDR) through the AWS Marketplace .
Advanced detection of targeted attacks has reduced the attacks, and I have seen low false positive rates as relevant metrics that show the return on investment.
What is most valuable?
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.
With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network.
SOAR integration has assisted our security team and management in trusting the product.
What needs improvement?
One area where Trellix Endpoint Detection and Response (EDR) can be improved is the lack of device or user mapping.
I cannot make manual submissions to NX, which I would like to add about the needed improvements to make my experience better.
Performance optimization for busy networks is cumbersome.
For how long have I used the solution?
I have been working in my current field for seven years.
What was our ROI?
Trellix Endpoint Detection and Response (EDR) has positively impacted my organization with threat exchange and intel, low false positive ratios, and very high uptime values for both inline and spam modes, along with advanced detection and mitigation capabilities ensuring the highest level of protection and proper detection for command and control and bot attacks.
I have noticed a decrease in attacks as a specific outcome that shows the positive impact of Trellix Endpoint Detection and Response (EDR).
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is very cost-effective, but for small organizations working under a tight budget, the price may be challenging to manage.
What other advice do I have?
I would rate this product a 9 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Abubakar Bello
Centralized endpoint protection has improved reporting and now needs smarter automation
Reviewed on Mar 19, 2026
Review provided by PeerSpot
What is our primary use case?
We use routing and switches, IP phones, routers, switches, and a core switch. We also have Identity Services Engine, but it is end of life or end of support now, so we are working on replacing it.
Our solutions cut across various security products from Sophos and Trellix. We started with McAfee for 15 years and have now transitioned to Trellix, which acquired McAfee.
Basically, we use this to protect our endpoints.
How has it helped my organization?
Trellix Endpoint Detection and Response (EDR) does everything. It saves time, it saves money, and of course, it provides peace of mind. Anytime management wants any report, we can generate it automatically and push it. This is quite effective.
What is most valuable?
First, it is user-friendly. Second, it works with a lot of products and many different versions of Windows. Third, the reporting module is very good. Because if you are using Endpoint Protection with ePO, it has a central console that is quite easy to manage all endpoints at a single dashboard. It has very good threat intelligence.
In addition to the threat intelligence, it is easy to manage and granular. We can easily manage products up to the client level, and we know what is happening, then we do a lot of threat analysis. There are many resources that we can use. They also have very good support.
Trellix Endpoint Detection and Response (EDR) has very good threat hunting capability. We can use the logs to see when a process starts and what it hits, and the other processes or services it has affected. This is quite encouraging.
What needs improvement?
They can enhance Trellix Endpoint Detection and Response (EDR) using AI now to do more enhanced reporting and more enhanced threat analysis. There are some client task assignments and policies that should be automatically automated with AI with a click of a button. They should introduce AI and do a lot of things.
For how long have I used the solution?
We have used this for 16 years. All this information, how can we protect it? Are we covered by the GDPR regulation?
What do I think about the stability of the solution?
How are customer service and support?
We do a lot of research. Our only problem with Trellix is that it is resource intensive and takes a lot of resources. However, we found out that it works on our systems and on our desktops. But on our servers, we do not want it to touch our resources, so we deployed Sophos XDR on the server.
How was the initial setup?
It is straightforward. The only little challenge is that you have to get all the necessary updates for it to connect to the database.
I am using on-premises with the ePolicy Orchestrator and then we apply the license. After the product is already installed, we do the necessary upgrade, restart the system, and then push the agents to the endpoints. Then we receive updates and manage our clients.
What about the implementation team?
We have partners that provide Trellix Endpoint Detection and Response (EDR), so we work with them to deploy.
What's my experience with pricing, setup cost, and licensing?
It is quite reasonable.
Which other solutions did I evaluate?
For network troubleshooting, I moved to security now and I am not in network, but I think they are using Cisco product too for that.
CESARCASTRO
Cross-site threat hunting has improved visibility and supports proactive incident response
Reviewed on Jan 07, 2026
Review from a verified AWS customer
What is our primary use case?
We are in the energy market, specifically in energy generation. We got the Trellix EDR installed in most endpoints.
How has it helped my organization?
The tool helps us to traverse possible thread incidents thru our mult site network infrastructure. In case of any forensic case it will be helpful to hunt thru the history or evidence information the EDR collects.
What is most valuable?
Trellix Endpoint Detection and Response (EDR) is valuable because we have a Wide Area Network with many sites, and the EDR is cross-site since it is configured and managed from the cloud. This is very useful because it does not matter what is happening at one endpoint of the company in one site and the relation of an incident with another computer or endpoint at another site. All the tree of data that we have, which may be a lot of information help us to argue whether it is going to be a threat or not, can be analyzed. Most of the threats are not really threats, but we can see what is happening in the relations, in the networking, and the data that comes back and forth through our company's network infrastructure.
Threat hunting is valuable because it pinpoints what is happening everywhere in our networking infrastructure. We have a company contract working through a NOC- network operating center 24 hours a day. They are sending us reports many times a day if any threat is arising or asking why this operation has come through or if it is valid or not, or whether we have approved it. We have a lot of that type of information, but we need to manage the contract in a much more efficient way because I do not have the time to read the many information that comes through the network operating center, the security operating center, or the tools itself and the notification reports that I have. While I am managing the policies and the standards, I need a lot of people to monitor, detect, and recover if something happens. The tools are not useful for that. We need to have people with enough expertise to manage all of this.
What needs improvement?
I believe this is a product in evolution. I do not think it is a final tool to conduct forensics or information forensics of the incidents or information incidents that could arise in our network infrastructure. Trellix Endpoint Detection and Response (EDR) is interesting and is a very good entry point that has been evolving through the last years. In the next two months, I have a new contract, and we are pointing out to have an XDR solution with NDR and EDR together.
I do not have enough time to do it because I am the manager. However, my coworkers do not understand it yet. I have a contract with a third-party company that is making reports around that, but also they do not have enough experience or enough utility of this.
It would be interesting if I have a notification system from EDR. For example, if I am the manager, it would be interesting to have a warning, alarm, or something around that which could call me to get into the system and the dashboard to see what is happening. For example, if it is a high-level threat. However, most of them are just advisory or warnings. I do not enter the tool frequently. I guess I access it once every three months.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for about six years.
What do I think about the stability of the solution?
As mentioned, this is an evolutionable tool. In the past there has been many times when the tool clogged the endpoints and we had to uninstall it. Windows (c) 10 enterprise edition, for instance, has some problems.
What do I think about the scalability of the solution?
I have not scalate the EDR solution yet. We have not had a critical alert to do it. It's supossed that the SOC company should do it just in the case.
How are customer service and support?
Tech support may be tricky if the support comes from Asia experts. Eeryone here speaks spanish and I are not affordable most of time. The tech is interesting when a high support level is called. Once someone from Argentina helped me that has excellent skills. We need more like her.
Which solution did I use previously and why did I switch?
No other EDR solutions.
How was the initial setup?
I guess it was complex. To get the EDR operating useful I had to wait around 2 years.
What about the implementation team?
Bafing from Peru is an integrator and consultant. They had done all of the work, and accompanied us many years.
What was our ROI?
Of course this is a yes. I had called the US partner during the past years when I need the support directly from the manufacturer and I got all the help to workaround or overcame issues. That had happended when my local partner company was not enough.
What's my experience with pricing, setup cost, and licensing?
I pay for what we get. But the service level from my partner company is not enough to overcome a complex case.
Which other solutions did I evaluate?
We are a gobernment company, so we ask the system to contract a company that is resourceful with cybersecurity withount mentioning the name or mark. We had been using Trellix since it was Mc Afee. But I had evaluated solutions from Microsoft, Panda, ESNET, as general malware tools.
What other advice do I have?
This year, I am planning to have a training for all the personnel of the company in every department so they can learn the basics of the endpoint tool. They can have more actions for possible threats or everything so they can help my department to make a better and faster action if something real is happening. Something like ethical hacking or a service, but using my own personnel in the company. I know that it is difficult, but I want to try to make that this year.
I have evaluated many products including Fortinet environment and a lot of appliances, and also many other products that we have now. I have evaluated around six or seven other brands or other products. However, I have learned Trellix Endpoint Detection and Response (EDR) tools and before that McAfee, around two decades. It is enough expertise that we have made. I do not want to lose that with maybe another interesting tool. For example, what would be interesting is if an XDR tool that can help us in managing the threats of the cybersecurity environment uses AI as an agent, a trained agent that helps our department, so it has to be trained first by a company like Trellix or another with the expertise or the capacity to help us actually. That is one thing I can recommend.
In February or March, I am signing a new contract with five levels, three more levels of security that we have now. We will have the tool, the SOC, the operating center service, and we need to manage applications firewall, web filtering, and XDR, and maybe next year also PAM and so on. I rated this solution an 8 out of 10.
CESARCASTRO
Enhancements needed for security alerts while ongoing training strengthens defenses
Reviewed on Jan 03, 2025
Review provided by PeerSpot
What is our primary use case?
I use César for our endpoints, our users, and the services from email and web services, back and forth, and also at the edge of our network. We have contracted firewalls and everything else for networking.
What is most valuable?
The product and the services we have are quite good. However, I cannot stay at this level forever. I have to improve continuously and dynamically.
Everything is working, and the company is training its personnel. I have had in a few months in the past some attacks on personnel—so phishing, for example. I have spent efforts on training our managers and others - what can software do if the knowledge base is low?
What needs improvement?
This year, I am going to improve some tools to be installed or maybe acquire some services to better manage our web services and work with my coworkers.
Application fiber also needs attention. Nowadays I am making applications that are publicly seen on the Internet. I need some protection, possibly multi-factor authentication improvements. I am seeing, for workflows, some sort of ethical hacking to test our environment.
Knowledge of everything, not only the product - maybe some kind of alerts - needs to emerge. I see the current ones as very low-tier, and they must improve.
For how long have I used the solution?
I have used Trellix for some years.
What do I think about the stability of the solution?
I haven't had any issues. The pricing is very fine and according to the service. Trellix has done a good job reducing threats.
How are customer service and support?
I have spent a lot of time with this product. I have contracted support and also have an operating control so I can get various types of support.
Which solution did I use previously and why did I switch?
I have used Trellix for some years. In the past, the EDR was McAfee. I have worked with it for around 20 years.
How was the initial setup?
The initial setup is a hard issue.
What about the implementation team?
I have two contractors that help me support the infrastructure here. One is at the edge of networking, and the other is in the endpoints of our company.
What was our ROI?
I don't have any return on this investment. This is just a security policy for everything.
What's my experience with pricing, setup cost, and licensing?
I haven't had any really great problems with pricing in the past two or three years.
Which other solutions did I evaluate?
Maybe another level of product and support from manufacturers would be better.
What other advice do I have?
I have seen companies without any EDR services, and we were lacking information. I started with IDR around four years ago, and the support services were very light. I remember doing many tickets for Trellix support, and my EDR was not properly functioning. I didn't feel the detection or the real protection. My company is one among 17 others that are part of a corporation. I am a member of the IT Security Council.
Overall product rating is five out of ten.